Hopefully, someone out there can help me better understand these HIPAA regulations with Data Backups.
I understand that they require “Data at Rest Encryption”, but isn’t it enough that the workstations/servers are encrypted before they are sent to the NAS, and then offloaded to a proper cloud backup provider like Backblaze B2 over an encrypted session, or am I missing something here? I RTFM’d a lot, and I have more questions than I do answers. My scenario would be as such:
<workstation/server + Encrypted on the fly backup> --> ZFS Based NAS --> B2 offsite
<workstation/server + Encrypted on the fly backup> --> ZFS Based NAS --> Double Encrypted by Duplicati -> B2 offsite
In either scenario, encrypted data at rest shouldn’t matter to me if it was pre-encrypted before it leaves the workstation/server and is transmitted to the NAS and then remotely over a secure tunnel, or am I missing something?
I feel like my brain is melting through my pores at this point. I am looking forward to a “dummies” version of a reply. Thank you in advance!